This opinion addresses the following issues: 1) file retention policies; 2) how long a file should be retained; 3) what constitutes a client’s file; 4) what parts of the file can be destroyed; 5) the ethical considerations related to electronic data; 6) in what format and how the client’s file should be delivered; and 7) if the client can be charged for the cost associated with copying the file.
Specifically addressing the use of cloud computing in practice management, the Ethics Opinion uses the “reasonable care” standard and covers the benefits as well as the potential risk. The opinion refers to the Nevada State Bar Formal Opinion No. 33 and Arizona State Bar Opinion 09‐04 approving of third-party storage of law office data.
From the opinion:
A lawyer may also choose to store or “back-up” client files via a third-party provider or internet-based server, provided that the lawyer exercises reasonable care in doing so. These third-party or internet-based servers may include what is commonly referred to as “cloud computing.” According to a recent ABA Journal article on the subject, “cloud computing” is a “sophisticated form of remote electronic data storage on the internet. Unlike traditional methods that maintain data on a computer or server at a law office or other place of business, data stored ‘in the cloud’ is kept on large servers located elsewhere and maintained by a vendor.” Richard Acello, Get Your Head in the Cloud, ABA Journal, April 2010, at 28-29.
The obvious advantage to “cloud computing” is the lawyer’s increased access to client data. As long as there is an internet connection available, the lawyer would have the capability of accessing client data whether he was out of the office, out of the state, or even out of the country. In addition, “cloud computing” may also allow clients greater access to their own files over the internet.
However, there are also confidentiality issues that arise with the use of “cloud computing.” Client confidences and secrets are no longer under the direct control of the lawyer or his law firm; rather, client data is now in the hands of a third‐party that is free to access the data and move it from location to location. Additionally, there is always the possibility that a third party could illegally gain access to the server and confidential client data through the internet. However, such confidentiality concerns have not deterred other states from approving the use of third‐party vendors for the storage of client information.